1. Field of the Invention
This invention relates to payment processing. More specifically, it relates to fraud detection for repeated virtual payment card transactions between the same payor and payee.
2. Brief Description of the Related Art
Adjudication, payment and reconciliation of service provider claims against insurance carriers (particularly in the healthcare, travel and warranty industries) consumes substantial time and resources. Third party administrators (herein “TPAs”), insurance companies, and large self-funded corporations (herein “Payers”) adjudicate claims, compare them to a benefit plan and make the decision to write checks in payment for the claims. Currently, many payers are required to print checks and explanation of benefit (EOB) forms for delivery to the healthcare providers. The EOB lists the amount the healthcare provider billed the Payer's company and the amount the Payer's company paid on the claim. It may also list the contractual discount amount and the patient responsibility. If the claim is denied, the EOB will explain the reason for denial. EOB, explanation of payment (EOP) and remittance advice are synonymous for the purposes of this specification.
In an effort to streamline this process, Applicant developed a method described in U.S. Pat. No. 7,792,686, (succeeded by RE43904 and RE44748) the specification of which is incorporated herein by reference. The '686 patent discloses a method to deploy a virtual payment card to settle medical service claims. Since there is a one-to-one relationship between the virtual payment card and the specific claim, reconciling the payment is made substantially more efficient.
Virtual payment cards have a number of security advantages. Virtual payment cards generate a unique credit card number to settle a specific transaction. Also referred to as “single-use credit cards” or “one-time-use credit cards”, virtual payment cards offer businesses a highly controlled and secure way of making payments.
A single-use virtual payment card number is issued for a specific transaction or claim, similar to what traditionally was only paid by a check. Once the transaction is processed, the virtual payment card number becomes invalid until it is “recycled” sometime later for another payment. However, a recycled virtual payment card number will likely be mated with a new expiration date and security code as well. Virtual card payments are processed just like traditional credit card payments and are highly convenient for the payee.
For payment of claims (medical, warranty, travel and the like) the workflow often involves a payment processor that directs the delivery of virtual payment cards to payees on a regular basis. One such payment processor operates under the brand STONEEAGLE. A payment processor like STONEEAGLE may process hundreds of millions of dollars in payments using virtual payment cards with a substantial amount of repeat payments to the same payees (e.g., health care providers).
Virtual card payments to payees are tightly control, highly secure and promptly reconciled. Accordingly, opportunities for fraud are limited in frequency as well as scope (e.g., virtual cards are unique for a transaction and further limited in authorized amounts). However, it is possible that some fraud could occur, most likely internal to the payee's business operation.
For example, a payment processor may send a virtual payment card for a $1,000 authorized claim payment to a health care provider office. An employee within that office intercepts the virtual payment card information and using a portable card terminal, processes the virtual payment card transaction for his own benefit thereby stealing the payment intended for his employer. The employee would have a difficult time keeping the theft secret for long as the details of the transaction including his merchant account, depositing bank, IP address of his portable device and other meta data of the transaction would be captured and stored.
Nevertheless, as virtual card payments have become more ubiquitous in business-to-business commerce, there is a need for additional security controls to reduce opportunities for theft.